I recently returned from the ASIS show and Las Vegas. Like many of the various trade shows editors attend, much show's focus was on the floor where manufacturers were displaying their latest pieces of security hardware.

The sophistication of security technology available off the shelf compared to even a few years ago is truly amazing, especially when it comes to video analytics. One company is now offering a system that has the ability to trigger an alarm when a person in an airport sets down a bag and walks away. The system can even track the person who set the bag down.

One interesting debate in the industry is whether the analytics and other technology should be embedded at the edge (basically, in the camera) or whether it should be centralized and handled by a server.

Each approach has its benefits — and drawbacks. By doing the processing at the camera, using technology at the edge has the potential to reduce the load on the network. On the other hand, centralizing that function in a server makes it much easer to upgrade in the future.

As security technology evolves, one thing stays the same — the need to do a threat assessment. Because only when a company precisely identifies the threats it is facing can it implement a security system that meets its needs without being overly complex to operate or too expensive.

What's more, threat assessments shouldn't be static documents that spend time collecting dust on a shelf. Because just as technology evolves, so too do the security challenges facing a company. Best practices call for revisiting a threat assessment proactively (perhaps every year or two) not after an incident has occurred.